As Biser İnşaat Sanayi ve Ticaret Anonim Şirketi (the "Company"), we attach the utmost importance to ensuring the security of your personal data. In this context, in accordance with the Turkish Personal Data Protection Law No. 6698 (the "PDPL"), we take all necessary measures to provide an appropriate level of security in the processing and transfer of your personal data to third parties, in order to prevent the unlawful processing of and access to your personal data and to ensure their preservation. Aware of this responsibility, we process your personal data within the framework set out below in our capacity as Data Controller under the PDPL and related legislation.
As the Company, we are the legal entity that determines the purposes and means of processing your personal data and is responsible for the establishment and management of the data filing system. Once you provide your explicit consent, or where explicit consent is not required and we have provided the relevant information, our Company will begin processing your personal data while ensuring data security. While processing your personal data, we may also have it processed by one or more authorised data processors, ensuring the necessary level of security.
The personal data and special categories of personal data obtained when you complete the Data Subject Application Form, within the framework explained above, are listed below.
| Identity Data | Full Name, Turkish ID Number/Passport Number, Date of Birth, Signature. For Third-Party Applications: Copy of identity document (parents' names, marital status, gender, photograph, nationality). |
|---|---|
| Contact Data | Email address, Phone number, Postal address. |
| Transaction Information | Details of the request. |
| Special Categories of Personal Data | For Third-Party Applications: Religion and blood type information appearing on the photocopy of the identity document. |
| Other | Power of attorney and/or copy of the legal representative appointment decision. |
Your personal data are obtained and processed by the Company, depending on the nature of the service we provide to you, in accordance with the PDPL and related legislation, by submitting the Data Subject Application Form by hand, email, registered electronic mail (KEP) or postal mail, for the purposes set out below and to enable the Company to lawfully carry out all activities falling within its field of operation, and to fully and properly perform its contractual and legal obligations within this scope.
The personal data referred to above are processed by the Company for the following limited purposes:
The data are processed on the legal grounds set out in Articles 5 and 6 of the PDPL — namely, "being expressly provided for by law", "processing being mandatory for the legitimate interests of the data controller" and "processing being mandatory for the establishment, exercise or protection of a right".
The personal data referred to above are preserved with great care and in compliance with legislation, by taking all administrative and technical measures aimed at providing an appropriate level of security.
The personal data submitted to us through the Data Subject Application Form are shared, where necessary and limited to the processing purposes set out above, with authorised public institutions and organisations and with our domestic suppliers/natural persons or private legal entities from whom we receive services as data processors.
In addition, since our mail server is hosted by a supplier based abroad, your personal data are shared with our overseas supplier on the legal grounds set out in Articles 5 and 6 of the PDPL — namely, "processing being mandatory for the establishment, exercise or protection of a right" and "processing being mandatory for the legitimate interests of the data controller, provided that the fundamental rights and freedoms of the data subject are not prejudiced" — and on the basis of the signed Standard Contract.
The Company retains the personal data it processes for the periods stipulated by legislation. Where no specific period is set in the legislation, personal data are retained for the period required for processing in line with the Company's practices and customary commercial practice associated with the services it provides — and afterwards solely for the periods that may be required in practice for the purpose of serving as evidence in any potential legal disputes. Upon expiry of the periods specified, in accordance with Article 7 of the PDPL, such personal data are erased, destroyed or anonymised on the next periodic destruction date.
Pursuant to Article 11 of the PDPL, you may apply to the Company and submit the following requests:
You may exercise the rights listed above in accordance with the PDPL, the provisions of the Communiqué on the Procedures and Principles of Application to the Data Controller dated 10 March 2018, and other applicable current legislation, by using the "Data Subject Application Form Pursuant to the Personal Data Protection Law" through one of the following channels:
If a person other than the data subject is to make the request, a notarised special power of attorney issued by the data subject in the name of the person making the application on their behalf must be submitted.
Requests duly submitted to the Company in this scope will be concluded within thirty days at the latest. If the conclusion of such requests requires an additional cost, the Company may charge the applicant the fee specified in the tariff determined by the Personal Data Protection Board (the "Board"). Where the Company responds to your application via a recording medium such as a CD or flash drive, a fee not exceeding the cost of the recording medium may be charged.
The Company may request information from the applicant in order to verify whether the applicant is the data subject of the personal data, and may direct questions to the applicant in order to clarify the matters set out in the application.
Pursuant to Article 14 of the PDPL, in the event the application is rejected, the response is found insufficient or no response is provided to the application within the time limit, the data subject may file a complaint with the Board within thirty days from learning of the Company's response and, in any case, within sixty days from the date of application.